Given that protocols and standards effect NZ network operators, this
seems to be on topic.
Seeing how IETF handles these issues and rebuilds trust will be interesting.
---------- Forwarded message ----------
From: Alicia Jackson
Date: 10 September 2013 08:03
Subject: [isoc-advisory-council] STATEMENT: Internet Society Responds
to Reports of the U.S. Government’s Circumvention of Encryption
Technology
To: "isoc-advisory-council(a)elists.isoc.org"
Internet Society Responds to Reports of the U.S. Government’s
Circumvention of Encryption Technology
The Internet Society is alarmed by continuing reports alleging
systematic United States government efforts to circumvent Internet
security mechanisms. The Internet Society President and CEO, Lynn St.
Amour, said, “If true, these reports describe government programmes
that undermine the technical foundations of the Internet and are a
fundamental threat to the Internet’s economic, innovative, and social
potential. Any systematic, state-level attack on Internet security and
privacy is a rejection of the global, collaborative fabric that has
enabled the Internet's growth to extend beyond the interests of any
one country.”
The Internet Society believes that global interoperability and
openness of the Internet are pre-requisites for confidence in online
interaction, they unlock the Internet as a forum for economic and
social progress, and they are founded on basic assumptions of trust.
We are deeply concerned that these principles are being eroded and
that users' legitimate expectations of online security are being
treated with contempt.
As the institutional home of the Internet Engineering Task Force
(IETF), we believe that open and transparent processes are essential
for security standardization, and result in better outcomes than any
alternative approach. For example, protocols developed by the IETF
are open for all to see, inspect, and verify, as are the open and
inclusive processes by which they are specified.
IETF Chairman Jari Arkko has strongly reiterated the IETF’s commitment
to improving security in the Internet, and to seeking ways of
improving security protocols in light of these new revelations and
security threats. “The IETF has a long-standing commitment to
openness and transparency in developing security protocols for the
Internet, and sees this as critical to confidence in their use and
implementation.” To read more, visit:
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/.
However, the open development of robust technical specifications is
just one link in the chain. Security standards must be properly
implemented and used. This is a wake-up call for technology developers
and adopters alike, to reexamine what we can do to ensure that all
links in the chain are equally strong. This is key to helping restore
public trust and confidence in the Internet.
The Internet has tremendous potential for economic and social good,
but unless all stakeholders trust the Internet as a safe place for
business, social interaction, academic enquiry, and self-expression,
those economic and social benefits are put at risk. To fulfill its
potential, the Internet must be underpinned by the right combination
of technology, operational processes, legislation, policy, and
governance. The recent reports suggest that U.S. Government programmes
have systematically undermined some or all of those measures, and that
is why we view the revelations with such grave concern.
With this mind, we issue these calls to action for the global community:
• To every citizen of the Internet: let your government
representatives know that, even in matters of national security, you
expect privacy, rule of law, and due process in any handling of your
data.
Security is a collective responsibility that involves multiple
stakeholders. In this regard, we call on:
•Those involved in technology research and development: use the
openness of standards processes like the IETF to challenge assumptions
about security specifications.
•Those who implement the technology and standards for Internet
security: uphold that responsibility in your work, and be mindful of
the damage caused by loss of trust.
•Those who develop products and services that depend on a trusted
Internet: secure your own services, and be intolerant of insecurity in
the infrastructure on which you depend.
•To every Internet user: ensure you are well informed about good
practice in online security, and act on that information. Take
responsibility for your own security.
At the Internet Society, we remain committed to advancing work in
areas such as browser security, privacy settings, and digital
footprint awareness in order to help users understand and manage their
privacy and security. The citizens of the Internet deserve a global
and open platform for communication built on solid foundations of
security and privacy.
_______________________________________________
Isoc-advisory-council mailing list
Isoc-advisory-council(a)elists.isoc.org
https://elists.isoc.org/mailman/listinfo/isoc-advisory-council
